DSA Transparency Reporting by Provider Tier

Start by classifying the service before collecting numbers. The baseline Article 15 report applies to providers of intermediary services that engage in content moderation, subject to the DSA's micro and small enterprise exclusion where the provider is not a VLOP. Hosting services then have additional notice-and-action fields, online platforms have additional dispute and misuse-suspension fields, and VLOPs or VLOSEs have enhanced Article 42 reporting.

A useful reporting register should therefore hold one row per service, not one row per legal entity. The row should identify whether the service is an intermediary service, hosting service, online platform, online search engine, VLOP, or VLOSE; whether a micro or small enterprise exclusion is being relied on; the reporting period; the public report URL; and the evidence system that produced each figure.

The Article 15 report is a content-moderation report, so its source data should come from moderation, notice, order, complaint, automation, and policy-enforcement systems rather than from a narrative compliance memo. The implementing regulation makes the report operational by providing templates and requiring public availability no later than two months after the end of the relevant reporting period.

For non-VLOP intermediary, hosting, and online-platform reports, the harmonised yearly reporting period is 1 January through 31 December. For VLOPs and VLOSEs, the implementing regulation uses six-month periods of 1 January through 30 June and 1 July through 31 December. Reports must remain publicly available for at least five years after publication, including updated versions.

Article 24(2) requires providers of online platforms and online search engines to publish, for each service, average monthly active recipients in the Union at least every six months. This publication is relevant to possible VLOP or VLOSE designation, but it is not the same deliverable as the annual Article 15 report.

Keep the AMAR calculation evidence separate from the moderation report evidence. The file should show the six-month measurement window, service boundary, inclusion and exclusion logic, data sources, deduplication method, public page URL, publication date, and any response sent to the Digital Services Coordinator of establishment or the Commission if they request updated or substantiating information.

Article 17 requires hosting services to give affected recipients clear and specific statements of reasons when they remove, disable access to, demote, restrict visibility, suspend or terminate monetisation, or otherwise restrict user-provided information because it is alleged to be illegal or incompatible with terms. Article 24(5) then requires online platforms to submit those decisions and statements of reasons to the Commission database without undue delay and without personal data.

This database obligation should be managed as an event stream, not as an annual report appendix. Moderation systems need enough structured fields to produce the recipient notice, submit the platform statement to the database, suppress personal data from the submission, and reconcile rejected or corrected submissions.

Designated VLOPs and VLOSEs need the baseline reporting evidence, but Article 42 adds evidence that smaller providers do not need to publish in the same way. For VLOPs, the transparency report must specify moderation human resources by EU official language, qualifications and linguistic expertise, training and support, and language-level indicators for automated-means accuracy. VLOPs and VLOSEs also report Member State active-recipient data.

Article 42 also requires designated services to transmit and make public risk assessment, mitigation, audit, and audit implementation reports within the DSA rule structure, subject to the public-report redaction route where publication would disclose confidential information, create significant service-security vulnerabilities, undermine public security, or harm recipients.

Before publishing a DSA transparency report, test whether every public number can be traced back to a service, reporting period, legal field, source system, extraction query, owner approval, and version. The implementing regulation's template should be treated as the report specification, not as a final formatting step.

The highest-risk gaps are mismatched service tiers, annual reports that omit online-platform fields, moderation systems that cannot distinguish law-based actions from terms-based actions, automated-moderation metrics without error or accuracy context, and statement-of-reasons pipelines that lack personal-data controls.